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DETAILED ACTION 

1 . This action is issued in response to Application filed on July 28, 2003. 

2. Claims 1-15 and 19-35 are pending. Claims 16-18 and 36-55 are withdrawn. 

3. Claims 16-18 and 36-55 are withdrawn from further consideration pursuant to 37 
CFR 1.142(b) as being drawn to a nonelected invention, there being no allowable 
generic or linking claim. Election was made with traverse on January 26, 2006. 

Election/Restrictions 

Restriction to one of the following inventions is required under 35 U.S.C. 121: 

I. Claims 1-15 and 19-35, drawn to a method for storing authorization data to 
specify a textual pattern, classified in class 707, subclass 6. 

II. Claims 16-18 and 36-55, drawn to a method for storing configuration data, 
classified in class 707, subclass 102. 

Inventions I, and II, are related as combination and subcombinations. 

Inventions in this relationship are distinct if it can be shown that (1) the 
combination as claimed does not require the particular subcombination as claimed for 
patentability, and (2) that the subcombination has utility by itself or in other 
combinations (MPEP § 806.05(c)). In the instant case, the combination (I) as claimed 
for storing authorization data to specify a textual pattern does not require 
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subcombination (II) for storing configuration data as claimed because storing 
authorization data does not require also storing configuration data. Therefore, the 
inventions are distinct; however, they could be usable together. 

Because these inventions are distinct for the reasons given above and have 
acquired a separate status in the art as shown by their different classification, restriction 
for examination purposes as indicated is proper. 

Because these inventions are distinct for the reasons given above and the 
search required for I is not required for II, restriction for examination purposes as 
indicated is proper. 

Because these inventions are distinct for the reasons given above and have 
acquired a separate status in the art because of their recognized divergent subject 
matter, restriction for examination purposes as indicated is proper. 

A telephone call was made to Kent Sieffert at (651) 735.1100 on January 30, 
2006, 2005 to request an oral election to the above restriction requirement, applicant 
elects Group I with traverse. 

Drawings 

4. The drawings are objected to as failing to comply with 37 CFR 1 .84(p)(5) 
because they include the following reference character(s) not mentioned in the 
specification: Fig. 5, item 88. Corrected drawing sheets in compliance with 37 CFR 
1 .121(d), or amendment to the specification to add the reference character(s) in the 
description in compliance with 37 CFR 1.121(b) are required in reply to the Office action 
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to avoid abandonment of the application. Any amended replacement drawing sheet 
should include all of the figures appearing on the immediate prior version of the sheet, 
even if only one figure is being amended. Each drawing sheet submitted after the filing 
date of an application must be labeled in the top margin as either "Replacement Sheet" 
or "New Sheet" pursuant to 37 CFR 1.121(d). If the changes are not accepted by the 
examiner, the applicant will be notified and informed of any required corrective action in 
the next Office action. The objection to the drawings will not be held in abeyance. 



Claim Objections 

5. Claims 5,6,25, and 26 are objected to because of the following informalities: The 
term "course-grain" is misspelled within the claims as stated above. Appropriate 
correction is required. 



Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 



7. Claims 1-3,15,22-24, and 35 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Valois (US Patent Publication No. 2004/0260818). 
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Regarding Claims 1 and 22, Valois discloses a method comprising: 

storing authorization data that defines an access control attribute ([0058], 
lines 4-10, Valois) 1 and an associated regular expression specifying a textual 
pattern ([0057], lines 4-9, Valois); 

evaluating a command using the regular expression to determine whether 
the command matches the textual pattern ([0064], lines 1-5,Valois) 2 ; and 

controlling 3 access to configuration data of a device based on the 
evaluation ([0066], lines 1-9, Valois). 



Regarding Claims 2 and 23, Valois discloses a method wherein controlling 
access comprises 

allowing access to the configuration data when the textual pattern of the 
regular expression matches the command ([0067], lines 1-4, Valois). 



Regarding Claims 3 and 24, Valois discloses a method wherein controlling 
access comprises 

denying access to the configuration data when the textual pattern of the 
regular expression matches the command ([0067], lines 5-9, Valois). 



1 Examiner Notes: Authorization data corresponds to "references" and the definition is an attribute that is 
part of the Access Control List (ACL). 

Examiner Notes: The process of evaluating correspond to "identifying and assessing". Also "the list of 
rules" corresponds to command. 

3 Examiner Notes: The act of controlling the access is done by the "validation engine", which extracts and 
compares the information to determine if there is a match or not. 
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Regarding Claims 15 and 35, Valois discloses a method wherein 
controlling access comprises controlling access to configuration data of a router 
([0053], lines 6-10, Valois). 

Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Valois (US Patent Publication No. 2004/0260818) as applied to claims 1-3,15,22-24, 
and 35 above, and further in view of Mitra (US Patent No. 6,973,460). 

Regarding Claim 4, Valois discloses a method for storing authorization 
data ([0058], lines 4-10, Valois). However, Valois does not explicitly disclose 
storing the authorization data as a class that conforms to a class syntax. On the 
other hand, Mitra discloses storing the authorization data as a class that 
conforms to a class syntax (column 8, lines 7-18, Mitra). It would have been 
obvious to one of ordinary skill in the art at the time of the invention to 
incorporate Mitra's teaching into the Valois system. A skilled artisan would have 
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been motivated to combine the two references as suggested by Mitra (column 7, 
lines 48-52), in order for the classes to be annotated such that, at run-time, 
useful information about how the data is organized for each of the various ways 
of storing the data (i.e. configuration) may be extracted from the annotations. As 
a result, this allows for various services to perform operations in accordance with 
the information. 

10. Claims 5-11 and 25-31 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Valois (US Patent Publication No. 2004/0260818) and further in 
view of Delany (US Patent Publication No. 2002/0156879). 

Regarding Claims 5 and 25, Valois discloses a method for the evaluation 
of the regular expression ([0064], lines 1-5,Valois). However, Valois does not 
explicitly disclose including a course-grain access control attribute within the 
authorization data that defines access control rights for respective groups of 
resources provided by the device, and controlling access to the configuration 
data, based on the course-grain access control attribute. On the other hand, 
Delany discloses including a course-grain access control attribute ([01 18], lines 
1-6, Delany) within the authorization data that defines access control rights for 
respective groups of resources provided by the device ([0161], lines 1-3, Delany), 
and controlling access to the configuration data, based on the course-grain 
access control attribute ([01 18], lines 1-6, Delany). It would have been obvious to 
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one of ordinary skill in the art at the time of the invention to incorporate Delany's 
teachings into the Valois system. A skilled artisan would have been motivated to 
combine in order to achieve the level of detail at which the data would have been 
considered. Valois and Delany are analogous art because they are from the 
same field of endeavor of relating to a system that provides authorization 
compliance validation with a security policy. As a result, course-grain access 
provides higher performance through more optimized protocols and the data 
tends to work on contiguous regions at a time. 

Regarding Claims 6 and 26, the combination of Valois in view of Delany, 
disclose a method wherein the course-grain access control attribute comprises a 
set of permission bits, and each of the permission bits is associated with a 
respective group of the resources ([0161], lines 3-5, Delany). 

Regarding Claims 7 and 27, the combination of Valois in view of Delany, 
disclose a method further comprising receiving the command from a client via a 
command line interface ([0199], lines 2-11, Delany) 4 . 

Regarding Claims 8 and 28, the combination of Valois in view of Delany, 
disclose a method wherein evaluating the command comprises evaluating the 



4 Examiner Notes: Receiving the command from a client corresponds to "a user can request..." and the 
interface corresponds to "GUI". 



Application/Control Number: 10/628,885 Page 9 

Art Unit: 2161 

command in real-time ([0383], lines 9-14, Delany) while the client inputs the 
command via the command line interface ([0199], lines 2-11, Delany). 

Regarding Claims 9 and 29, the combination of Valois in view of Delany, 
disclose a method wherein the configuration data is arranged in the form of a 
multi-level configuration hierarchy having a plurality of objects (Fig. 5, [0142], 
lines 1-2, Delany), and each of the objects represents a portion of the 
configuration data that relates to one or more resources of the device ([0142], 
lines 2-5, Delany). 

Regarding Claims 10 and 30, the combination of Valois in view of Delany, 
disclose a method wherein the objects have respective textual labels ([0143], 
lines 1-4, Delany) and the regular expression defines the textual pattern to match 
the textual labels ([0057], lines 4-9, Valois) of a set of one or more of the objects 
within the configuration hierarchy (Fig. 5, Delany). 

Regarding Claims 1 1 and 31 , the combination of Valois in view of Delany, 
disclose a method wherein evaluating the command comprises applying the 
regular expression to the command ([0099], lines 1-7, Valois) to determine 
whether the command specifies any of the objects within the set ([0142], lines 2- 
5, Delany). 
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11. Claims 12-14,19-21, and 32-34 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Valois (US Patent Publication No. 2004/0260818) in view of 
Delany (US Patent Publication No. 2002/0156879) and further in view of Nelson 
(US Patent No. 6,243,713). 

Regarding Claims 12 and 32, the combination of Valois in view of Delany, 
disclose a method further comprising to automatically insert one or more meta- 
characters into the regular expression ([0451-0453], lines 1-7, Delany) based on 
the hierarchical arrangement of the configuration data (Fig. 5, Delany). However, 
Valois in view of Delany, do not explicitly disclose pre-processing the regular 
expression. On the other hand, Nelson discloses pre-processing the regular 
expression (column 10, lines 39-50, Nelson). It would have been obvious to one 
of ordinary skill in the art at the time of the invention to incorporate Nelson's 
teachings into the Valois in view of Delany system. A skilled artisan would have 
been motivated to combine the two references as suggested by Nelson (column 
9, lines 60-65), in order to convert component data into a list of distinctive objects 
that represent the original data of the component, this is understood to perform 
data reduction. Pre-processing remove any non-essential information that does 
not substantially add to the quality of the system. As a result, pre-processing 
saves the system time and space for capacity. 
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Regarding Claims 13 and 33, the combination of Valois in view of Delany 
and further in view of Nelson, discloses a method further comprising: 

receiving the command from a client via a command line interface ([0199], 
lines 2-11, Delany); and 

pre-processing the regular expression (column 10, lines 39-50, Nelson) so 
that the command is evaluated with the regular expression in real-time ([0383], 
lines 9-14, Delany) as the client enters the command ([0199], lines 2-1 1 , Delany). 

Regarding Claims 14 and 34, the combination of Valois in view of Delany 
and further in view of Nelson, discloses a method wherein evaluating the 
command comprises evaluating the command with the pre-processed regular 
expression each time the client enters a token indicating a textual break within 
the command (column 17, lines 35-40, Nelson). 

Regarding Claim 19, the combination of Valois in view of Delany and 
further in view of Nelson, discloses a method comprising: 

receiving input ([0056], lines 3-7, Valois) defining an access control 
attribute ([0058], lines 4-10, Valois) and an associated regular expression that 
specifies a textual pattern ([0057], lines 4-9, Valois); 
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pre-processing the regular expression (column 10, lines 39-50, Nelson) to 
automatically insert one or more meta-characters into the regular expression 
([0451-0453], lines 1-7, Delany); 

evaluating a command in real-time using the regular expression ([0383], 
lines 9-14, Delany) as a client enters the command via a command line interface 
([0199], lines 2-11, Delany); and 

controlling access to configuration data of a device based on the 
evaluation ([0066], lines 1-9, Valois). 

Regarding Claim 20, the combination of Valois in view of Delany and 
further in view of Nelson, discloses a method further comprising storing the 
configuration data in the form of a multi-level configuration hierarchy having a 
plurality of objects (Fig. 5, [0142], lines 1-2, Delany), wherein pre-processing the 
regular expression comprises automatically inserting one or more meta- 
characters into the regular expression ([0451-0453], lines 1-7, Delany) based on 
the hierarchical arrangement of the configuration data (Fig. 5, Delany). 

Regarding Claim 21, the combination of Valois in view of Delany and 
further in view of Nelson, discloses a method wherein the regular expression 
defines a textual pattern that identifies one or more of the objects within the 
configuration hierarchy, and evaluating the command comprises: 
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applying the regular expression in real-time ([0383], lines 9-14, Delany) to 
determine whether a portion of the command that has been entered by the client 
matches the textual pattern (([0064], lines 1-5,Valois); and 

selectively allowing the client to complete the command based on the 
determination ([0199], lines 2-11, Delany). 



Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Chelcie Daye whose telephone number is 571-272- 
3891 . The examiner can normally be reached on M-F, 7:00 - 4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Safet Metjahic can be reached on 571-272-4023. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 

Patent Application Information Retrieval (PAIR) system. Status information for 

published applications may be obtained from either Private PAIR or Public PAIR. 

Status information for unpublished applications is available through Private PAIR only. 

For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 

you have questions on access to the Private PAIR system, contact the Electronic 

Business Center (EBC) at 866-217-9197 (toll-free). 

Chelcie Daye 
Patent Examiner 
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